Exclusive access to Insight for Trickest Solutions is provided solely for Enterprise users. If you are interested in learning more about the Enterprise Edition, please contact us.
Overview
Insights is the analysis layer of a Trickest Solution. It consolidates results from workflow runs into fast, searchable datasets so you can track change over time, filter precisely, and focus on what matters. Insights is built on three main pillars:- Unified data — module outputs are normalized into consistent, queryable tables.
- Real‑time updates — new results appear as runs complete.
- History-aware views — statuses highlight what changed between runs (e.g., new, resurfaced, removed, unchanged).
How Insights Works
1
Runs produce artifacts
Each node outputs structured tables (per module).
2
Normalization & merge
The platform aligns fields (e.g., hosts, IPs, ports, technologies) into datasets.
3
Index & filter
Datasets are indexed for low‑latency querying from the Insights UI.
4
Change & history tracking
Deltas between runs determine the status shown on each row.
Typical datasets include Subdomains, IP Addresses, Open Ports, Network Services, and Web Servers. Actual datasets depend on the modules present in your workflow.
Navigation
Dataset bar
Switch between datasets attached to the Solution. Counters show recent changes at a glance so you can prioritize where to start.
Query bar
Type filters to narrow results. Autocomplete and inline validation help you compose precise conditions without memorizing field names.
Views
Select fields, reorder columns, define sorting, and save the layout for reuse. Views help teams standardize triage setups.
Creating a View
1
Select a dataset
Choose the dataset you want to create a view for from the dataset bar.
2
Customize columns
Click on the column selector to add, remove, or reorder fields. Drag columns to adjust their position in the table.
3
Apply filters and sorting
Use the query bar to define filters, then configure sorting by clicking on column headers.
4
Save the view
Click the Save View button, provide a descriptive name, and confirm. The view becomes available to all team members with access to the Solution.
Create multiple views for different workflows—for example, a “High‑Priority Findings” view with filters for critical vulnerabilities, or a “Recent Changes” view focusing on new and resurfaced statuses.
Row details
Click onView button when hovering over row to open more details, go through the history of changes or collaborate with other team members.
Statuses & Change Tracking
Insights labels each row based on differences between the latest runs:- New — first time the item was observed in the selected window.
- Resurfaced — previously observed, then absent, and observed again.
- Removed / Missing — present before but not observed in the latest results.
- Unchanged — still present with no significant change.
Treat Removed/Missing as a signal to verify. Transient network or DNS issues can create temporary absences.
Working with Insights via API
Every Solution includes an API Docs panel with ready‑to‑use requests (curl, Python, JavaScript) that are scoped to your workspace and the selected dataset. You can:- List datasets attached to a Solution.
- Apply the same filters used in the UI to retrieve records.
- Page through results for downstream systems and reporting.
Open a Solution → API Docs to copy examples with the correct base URL and identifiers.
Troubleshooting
- Zero results — often means filters are too restrictive. It can also mean data isn’t ingested yet (run still in progress) or the workflow output isn’t connected to the target dataset. Remove conditions one by one, confirm the correct dataset is selected, check run completion, and verify node→dataset connections.
- Broad to narrow — begin with minimal filters, then add specificity.
- Pattern matching — if a field supports it, use concise patterns for performance.
For filter syntax and operator details, see the Query Language – Syntax page.